Hoys Work Health believes that privacy is an important individual right and respects clients rights to privacy. We are committed to ensuring that all personal information collected is handled in a professional and confidential manner. Hoy’s Work Health’s collection, use and storage of personal and health related information complies with the National Privacy Principles and the Privacy Amendment (Private Sector) Act 2000.
The policy of Hoys Work Health is to follow these procedures:
- Collection of Personal Information
Information (including an opinion) is treated as personal information under the Privacy Act 2000, if the individual can be identified from that information.
Only necessary personal information will be collected and will be obtained directly whenever it is reasonable and practicable to do so. At, or before collection, reasonable steps will be taken to ensure your awareness of the purpose or purposes of collection and the extent to which that information may be disclosed. Personal information such as your name, address, date of birth, current home address and work address, home, work and mobile telephone numbers, year of birth, injury and employment details may be collected.
- Collection of Sensitive Information
Information that is regarded as sensitive under the Privacy Act 2000 such as racial or ethnic origin, political opinions, religious or philosophical beliefs will not be collected unless necessary to do so and consent has been given by you.
- Collection of Health Information
Information that is regarded as Health Information under the Privacy Act 2000 is information about the health or disability (at any time) of an individual, a health service provided, or is to be provided to an individual, or other personal information collected to provide or in providing a health service. Only that health information that is necessary for your effective rehabilitation will be collected by Hoys Work Health.
- Use and Disclosure of Information
Information will only be used or disclosed for the purpose it was given. Information collected and recorded is used to provide you with the correct rehabilitation services, to communicate with your employer and insurance company and for processing accounts. It will be used for other purposes only if:
- Consent to the purpose is expressed or implied.
- The use/disclosure is related to the main purpose of the collection and you would reasonably expect it to be so used.
- It is required by law or some other compulsion to disclose such information and is permitted in the National Privacy Principle 2.
We may disclose your health information to other health care professionals or require it from them, if in our judgement it is necessary in the context of your rehabilitation. In that event, disclosure of your information will be minimised wherever possible.
- Quality and Security
Every reasonable effort will be made to ensure the security of your personal and health information and that the information collected, disclosed and used is complete and accurate.
Client files and information systems are secured from unauthorised access, interference, misuse, loss or theft. Access is restricted to those who have a direct responsibility in coordinating, monitoring or providing rehabilitation services and to those who provide clerical and administrative support for those activities.
- Access and Correction
Requests for access to your information should be made to the manager. The manager will review all requests for information and advise of the decision. Access to documents supplied to Hoys Work Health by other parties will require you to access these documents directly from the author or source of these documents. There may be some cost to you in providing the information if your request is complex or requires detailed searching or copying of the record.
If any of the information we have about you is inaccurate, you may request us to alter our records accordingly.
- Storage and Access to Closed Records
The confidentiality of information in closed files will be stored in electronic password protected cloud based servers and retained for the required minimum period of seven years. After that time records will be appropriately destroyed or de-identified. Requests for access to closed records should be made in writing to the manager.
- Concerns or Complaints
Concerns or complaints in relation to this policy or the handling of your personal information should be directed to the manager.